Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-27330 A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected in... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-28780 Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper pro... | 5.0 | MEDIUM | — | 0 |
| CVE-2022-28781 Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. | 7.7 | HIGH | — | 0 |
| CVE-2023-48366 Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable information disclosure via local access. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-28784 Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of... | 4.0 | MEDIUM | — | 0 |
| CVE-2022-28785 Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check log... | 4.0 | MEDIUM | — | 0 |
| CVE-2022-28786 Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check log... | 4.0 | MEDIUM | — | 0 |
| CVE-2022-28787 Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check log... | 4.0 | MEDIUM | — | 0 |
| CVE-2022-28788 Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check log... | 4.0 | MEDIUM | — | 0 |
| CVE-2022-28789 Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. | 6.2 | MEDIUM | — | 0 |
| CVE-2022-28790 Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. | 4.0 | MEDIUM | — | 0 |
| CVE-2022-28791 Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prev... | 6.2 | MEDIUM | — | 0 |
| CVE-2022-28792 DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. | 6.2 | MEDIUM | — | 0 |
| CVE-2022-28793 Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch i... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-22680 NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, result... | 7.3 | HIGH | — | 0 |
| CVE-2021-27411 Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitra... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-27417 eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memo... | 4.6 | MEDIUM | — | 0 |
| CVE-2021-27419 uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected be... | 7.3 | HIGH | — | 0 |
| CVE-2023-49603 Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 7.5 | HIGH | — | 0 |
| CVE-2021-27421 NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to u... | 7.3 | HIGH | — | 0 |
| CVE-2021-27425 Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavi... | 7.3 | HIGH | — | 0 |
| CVE-2021-27427 RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash... | 7.3 | HIGH | — | 0 |
| CVE-2021-27431 ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpec... | 7.3 | HIGH | — | 0 |
| CVE-2021-27433 ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash... | 7.3 | HIGH | — | 0 |
| CVE-2021-27435 ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a rem... | 7.3 | HIGH | — | 0 |
| CVE-2021-27439 TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to a... | 7.3 | HIGH | — | 0 |
| CVE-2023-49615 Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 7.5 | HIGH | — | 0 |
| CVE-2022-20101 In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is n... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20102 In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction i... | 4.4 | MEDIUM | — | 0 |
| CVE-2022-20103 In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is n... | 4.4 | MEDIUM | — | 0 |
| CVE-2022-20104 In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interacti... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20105 In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction ... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-20106 In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction i... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-20107 In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not neede... | 4.4 | MEDIUM | — | 0 |
| CVE-2022-20108 In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interacti... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-20111 In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee... | 8.4 | HIGH | — | 0 |
| CVE-2022-21743 In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f... | 7.8 | HIGH | — | 0 |
| CVE-2021-43159 A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common.... | 8.8 | HIGH | — | 0 |
| CVE-2021-43160 A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnos... | 8.8 | HIGH | — | 0 |
| CVE-2021-43161 A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. | 8.8 | HIGH | — | 0 |
| CVE-2021-43162 A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagno... | 8.8 | HIGH | — | 0 |
| CVE-2021-43163 A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43164 A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless... | 8.8 | HIGH | — | 0 |
| CVE-2022-24901 Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerabili... | 7.5 | HIGH | — | 0 |
| CVE-2022-27420 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27470 SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. | 7.8 | HIGH | — | 0 |
| CVE-2022-1502 Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-1555 DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-42192 Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. | 8.8 | HIGH | — | 0 |
| CVE-2022-1571 Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cooki... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.